Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold

Sourav Das; Philippe Camacho; Zhuolun Xiang; Javier Nieto; Benedikt Bunz; Ling Ren

Paper 2023/598

Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold

Sourav Das, University of Illinois at Urbana-Champaign

Philippe Camacho, Espresso Systems

Zhuolun Xiang, Aptos Labs

Javier Nieto, University of Illinois at Urbana-Champaign

Benedikt Bunz, Espresso Systems

Ling Ren, University of Illinois at Urbana-Champaign

Abstract

Threshold signatures protect the signing key by sharing it among a group of signers so that an adversary must corrupt a threshold number of signers to be able to forge signatures. Existing threshold signatures with succinct signatures and constant verification times do not work if signers have different weights. Such weighted settings are seeing increasing importance in decentralized systems, especially in the Proof-of-Stake blockchains. This paper presents a new paradigm for threshold signatures for pairing- and discrete logarithm-based cryptosystems. Our scheme has a compact verification key consisting of only 7 group elements, and a signature consisting of 8 group elements. Verifying the signature requires 1 exponentiation and 13 bilinear pairings. Our scheme supports arbitrary weight distributions among signers and arbitrary thresholds. It requires non-interactive preprocessing after a universal powers-of-tau setup. We prove the security of our scheme in the Algebraic Group Model and implement it using golang. Our evaluation shows that our scheme achieves a comparable signature size and verification time to a standard (unweighted) threshold signature. Compared to existing multisignature schemes, our scheme has a much smaller public verification key.

Note: Full version of the ACM CCS paper.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Minor revision. ACM CCS 2023
Keywords: Weighted Threshold Signature Inner product arguments Multi-threshold Efficiency
Contact author(s): souravd2 @ illinois edu
philippe @ espressosys com
xiangzhuolun @ gmail com
jmnieto2 @ illinois edu
benedikt @ espressosys com
renling @ illinois edu
History: 2023-09-17: last of 2 revisions; 2023-04-27: received; See all versions
Short URL: https://ia.cr/2023/598
License: CC0

BibTeX

@misc{cryptoeprint:2023/598,
      author = {Sourav Das and Philippe Camacho and Zhuolun Xiang and Javier Nieto and Benedikt Bunz and Ling Ren},
      title = {Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/598},
      year = {2023},
      url = {https://eprint.iacr.org/2023/598}
}